Off-the-shelf cybersecurity training courses often claim to do a, b, and c, because they have done so in the past. These claims should come with the caveat that past performance is no guarantee of future results because it is very unlikely the exact same off-the-shelf cybersecurity training course will achieve the exact same results with a different audience.
Furthermore, in a different audience, there may be a different range of knowledge and susceptibilities – from employees who will click on any link in a Facebook post that arouses their curiosity to seasoned cyber-veterans who have experienced the consequences of a cyberattack and are always on alert for the next one.
Educating people about cybersecurity who are at different ends of the awareness spectrum is difficult when you attempt to use a “one-size-fits-all” training course. Social media devotees tend to think cybersecurity is the IT department´s problem, while seasoned veterans may not give training their full attention when they feel it is light and flimsy.
Consequently, cybersecurity training needs to be flexible so it can be tailored to appeal to everyone in the organization. But how do you convince a social media devotee to take responsibility for cybersecurity, or a seasoned veteran that the training is credible? The answer is a customizable security awareness platform with gamification capabilities.
SafeTitan is a fully customizable security awareness training and phishing simulation platform that includes more than 1,800 phishing templates and more than 80 animated videos. Each phishing template can have training material automatically sent to employees if they fail to spot a phish, while each video can be followed by an editable quiz with varying difficulty levels.
If you have employees at either end of the awareness spectrum, you can tailor the platform´s capabilities to encourage them to engage with your cybersecurity training. For example:
- Share a phishing link purporting to come from Facebook with social media devotees so they reveal their account login. Then take control of the account as any cybercriminal would (This is not illegal provided an employer does not use any information on the Facebook page to discriminate again an employee).
- Change the SPF record in the platform so it appears an email to seasoned cyber-veterans requesting the donation of a (low value) Google Play gift card comes from a trusted work colleague. It is a good idea to let the “trusted colleague” know you are doing this and be ready to refund the cost of the gift cards.
- For practically everybody else, send a phishing invitation to an after work free bar for employees who respond to the phishing email with their email username and password. You might still have to provide the free bar, but this will give you an opportunity to discuss why your employees fell for the phish – as well as reminding them to change their passwords in the morning.
It is surprising what you can do – and what you can achieve – with flexible cybersecurity training; and, if you would like to know more about the SafeTitan platform, do not hesitate to get in touch and request a free demo of SafeTitan in action.